When it comes to the new security functions in Windows Vista, User Account Control is the one people tend to scratch their heads over, Gartner Analyst Neil MacDonald said during his presentation on implementing Vista security at Gartner's IT Security Summit here on June 4. "It's one that has plenty of people confused regarding what, exactly, it is," MacDonald said.

In fact, UAC isn't one capability; rather, it's a set of Vista capabilities that collectively help to limit the ability of applications and users to make unsanctioned system changes—whether the user is running as an administrator or as a standard user. "The idea is that when a piece of software is asking for user credentials … you shouldn't just hand them over," MacDonald said. UAC's raison d'être is basically to cure the new operating system of a legacy of bad applications that freely granted administrator rights—a tendency that has eased malware writers' jobs. "Malicious code would be far less effective if users ran without administrative privileges," MacDonald said.